zstack-cli

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates environment management by executing the zstack binary, including instructions for local builds using go build in a specific user directory.
  • [COMMAND_EXECUTION]: Provides interactive access to managed environments via the zstack shell command.
  • [CREDENTIALS_UNSAFE]: Orchestrates authentication workflows using zstack auth login which processes email and password credentials, and supports the creation of scoped API tokens.
  • [DATA_EXFILTRATION]: Exposes high-privilege data access commands including zstack secrets list, zstack files download for retrieving environment files, and zstack db query for executing arbitrary SQL.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating untrusted parameters such as environment IDs, branch names, and hostnames into shell commands. Ingestion points: User-provided arguments for environment, branch, and domain commands. Boundary markers: None present. Capability inventory: Runtime shell access, database queries, file downloads, and secret listing. Sanitization: None described; safety depends on the underlying CLI implementation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 06:05 PM
Security Audit — agent-trust-hub — zstack-cli